One such Cisco customer, cloud provider Key Information Systems of Agoura Hills, CA, is using ACI to provide cloud-enabled data center services to organizations in Southern California. KeyInfo is looking for ACI to provide it with multi-tenancy security, automated application-based network provisioning, and scalability of virtualized and non-virtualized workloads.

Over time, KeyInfo will combine ACI with an OpenStack managed hosting offering to provide an application policy-based networking component to OpenStack’s compute and storage-centric cloud fabric, says Clayton Weise, director of cloud services at KeyInfo. But for now, ACI and Cisco’s Nexus 9000 switches are replacing an aged Catalyst 6500 infrastructure with a higher performance fabric, and setting the foundation for new network-as-a-service offerings from the KeyInfo cloud.

“We did some fairly limited deployments of it early on,” Weise said, describing KeyInfo’s current ACI deployment as 12 leaf switches, four spines and three APIC controllers clustered together. “We were using it to replace Cat 6500 chassis. It was a migration in terms of moving the cabling and everything over. The next phase for us is we’re really going to use some of the functionality more heavily in our environment.”

That next phase is a bit more of a transition, Weise says, because KeyInfo also has an existing investment of Cisco Nexus 5000s to be migrated to the Nexus 9000s. It will take a bit more time because KeyInfo has to do a lot more design work to take advantage of more ACI functionality, he says.

After evaluating Cisco ACI, Juniper Networks’ Contrail and Arista Networks’ Software Defined Cloud Networking, KeyInfo selected ACI because of Cisco’s incumbency with the cloud provider, but also to instill some switch-based policy management of a hybrid, multivendor environment of server colocation, virtual infrastructure and legacy IBM AS/400 and AIX systems that need to participate in VXLANs.

“Having that type of encapsulation and de-encapsulation of what they’re doing in the VXLAN, doing that at the switch made a lot more sense for us,” Weise says. “It allowed us to merge those environments without a whole lot of difficulty.”

KeyInfo is also looking at extending the ACI fabric out across its DWDM optical network and into the customer premises. So longer term, ACI will be offered as a service from KeyInfo in addition to supporting the cloud provider’s own infrastructure.

And that service will ostensibly be application policy-based networking integrated with OpenStack’s compute and storage capabilities.

“OpenStack is pretty modular when it comes to compute and storage,” Weise says. “But when it comes to networking it’s a little bit more monolithic. ACI is the direction we’re going to go because it gives us the best flexibility.”

It will also ease implementation of firewalls and other security services that go beyond OpenStack’s “namespaces on a Linux box” security, he says.

“For a lot of our client base, that is totally unacceptable,” Weise says. Plus, some might have specific reasons for why they want to use Palo Alto Networks (firewalls) or (Cisco) ASA with intrusion protection. That kind of capability doesn’t comes easy with the way OpenStack is now so we have to use ACI to add network security-as-a-service on top of the services that are already there.”

Weise says a mix of different technologies will be used in conjunction with OpenStack group-based policy and ACI group-based policy to meet the “stringent requirements” of KeyInfo’s customers.

“We’re trying to stay away from being too much of a middleman” for translating and instantiating policies, Weise says.

The biggest challenge in implementing ACI was leaving the old CLI routines behind when defining, configuring and administering group-based policy, Weise says. The biggest benefit is the automation of configuring end point groups vs. manually touching each device in that group.

ARN Distributor Directory

ARN Vendor Directory

Slideshows

Selling the benefits of the software-defined data centre

In looking ahead to the future of the data centre, a software-defined reality is emerging. This exclusive ARN roundtable, in association with APC by Schneider Electric, Cisco, HPE, Lenovo and Veritas, assessed the benefits of selling a software-defined data centre strategy, uncovering the key market trends and ongoing partner opportunities.

The channel toasted the top performing players within the Australian market during 2017, as the 11th running of the ARN ICT Industry Awards kicked off with a Champagne Reception at the Hyatt Regency in Sydney - sponsored by Westcon-Comstor and Juniper Networks.

Copyright 2017 IDG Communications. ABN 14 001 592 650. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of IDG Communications is prohibited.